An evolving threat for developed markets

Jun 27, 2017

Mobile ransomware actors are focusing their attacks on wealthy countries as developed markets not only have a higher level of income, but also a more advanced and more widely used mobile and e-payment infrastructure.
According to Kaspersky Lab’s annual ransomware report for 2016-2017, this is appealing to criminals because it means they can transfer their ransom in just a couple of taps or clicks. Kaspersky Lab has continued its tradition of reporting on ransomware threats with its second annual study into the issue. The report covers the full two-year period, which, for comparison reasons, has been divided into two parts of 12 months each: from April 2015 to March 2016 and from April 2016 to March 2017. It has chosen these timescales because it witnessed several significant changes in the ransomware threat landscape. Mobile ransomware activity skyrocketed in the first quarter of 2017 with 218,625 mobile Trojan-Ransomware installation packages – 3.5 times more than in the previous quarter. Activity then fell to the average level of the observed two year period. Despite a small relief, the mobile threat landscape is still arousing anxiety, as criminals target nations with developed financial and payment infrastructures that can be easily compromised. In the period of 2015-2016, Germany was the country with the highest percentage of mobile users attacked with mobile ransomware (almost 23%), as a proportion of users attacked with any kind of mobile malware. It was followed by Canada (almost 20%), the UK and the US – exceeding 15%. This changed in 2016-2017 with the US shifting from fourth to first position (almost 19%). Canada and Germany retained their top-3 ranking with almost 19% and over 15% respectively, leaving the UK ranked fourth place with more than 13%. The rise in the US occurred largely due to attacks from the Svpeng and Fusob malware families, the first of which is mainly targeting America. As for Fusob, this malware family was initially focused on Germany, but since Q1 2017 America has topped its list of targets with 28% of attacks. “These geographical changes in the mobile ransomware landscape could be a sign of the trend to spread attacks to rich, unprepared, vulnerable or yet unreached regions. This obviously means that users, especially in these countries, should be extremely cautious when surfing the Web,” sayss Roman Unuchek, security expert at Kaspersky Lab. Other key findings from the KSN report-2017 include: • The total number of users who encountered ransomware between April 2016 and March 2017 rose by 11.4% compared to the previous 12 months (April 2015 to March 2016) – from 2,315,931 to 2,581,026 users around the world;• The proportion of users who encountered ransomware at least once out of the total number of users who encountered malware fell by almost 0.8 percentage points, from 4.34% in 2015-2016 to 3.88% in 2016-2017;• Among those who encountered ransomware, the proportion that encountered cryptors rose by 13.6 percentage points, from 31% in 2015-2016 to 44.6% in 2016-2017;• The number of users attacked with cryptors almost doubled, from 718,536 in 2015-2016 to 1,152,299 in 2016-2017;• The number of users attacked with mobile ransomware fell by 4.62% from 136,532 users in 2015-2016 to 130,232. The top 10 countries with the biggest share of users attacked with PC ransomware as a proportion of all users attacked with any kind of malware in 2016-2017 are: Turkey (almost 8%), Vietnam (around 7,5%), India (over 7%), Italy (around 6,6%), Bangladesh (more than 6%), Japan (almost 6%), Iran (almost 6%), Spain (almost 6%), Algeria (almost 4%), and China (almost 3,8%). This is a very different list compared to 2015-2016, as Turkey, Bangladesh, Japan, Iran, and Spain have since entered the list, all exceeding 5%.